PT-2023-32896 · Unknown · Code-Projects Patient Record Management System
Hamdi Sevben · Published 2023-12-28 · Updated 2024-05-17 · CVE-2023-7135
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
code-projects Record Management System version 1.0
Description
A problematic issue has been discovered affecting an unknown function of the file /main/offices.php in the Offices Handler component. Manipulating the argument officename with the input "> leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For code-projects Record Management System version 1.0, consider disabling the officename argument in the /main/offices.php file until a patch is available. Restrict access to the Offices Handler component to minimize the risk of exploitation. Avoid using the officename argument in the affected API endpoint until the issue is resolved.
Exploit
Fix
XSS
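One way to handle officename so that the input "> stays inert, as an added example that is not code from the affected application. The helper names, the allow-list limits and the quoted-attribute form field are assumptions, since the page does not show how /main/offices.php renders the value.

```php
<?php
// Added example: hypothetical helpers, not code from the affected application.

// Allow-list check for office names: letters, digits, spaces and a few
// punctuation characters, 1 to 100 characters. The limits are assumptions.
function validate_office_name(string $raw): ?string
{
    $name = trim($raw);
    if (preg_match('/^[\p{L}\p{N} .,&\'()-]{1,100}$/u', $name) !== 1) {
        return null; // reject instead of trying to strip "bad" characters
    }
    return $name;
}

// Encode a value for HTML text or a quoted attribute. ENT_QUOTES covers both
// quote styles, so a double quote cannot close the attribute it sits in.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render an edit field the way a form on an offices page might (assumed markup).
// Encoding happens at output time, whether or not validation ran earlier,
// so values already stored in the database are covered too.
function render_office_input(string $officename): string
{
    return '<input type="text" name="officename" value="' . h($officename) . '">';
}

// Constructed inputs: a normal name and the input quoted in the advisory.
$samples = ['Cardiology Ward', '">'];
foreach ($samples as $sample) {
    $status = validate_office_name($sample) === null ? 'rejected' : 'accepted';
    echo $status, ': ', render_office_input($sample), PHP_EOL;
}
```

The second sample is rejected by the allow-list and, if rendered anyway, appears as `value="&quot;&gt;"`, so it stays inside the attribute.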
Weakness Enumeration
Related Identifiers
Affected Products
Code-Projects Patient Record Management System